On Fri, Mar 14, 2008 at 3:53 PM, TheBlunderbuss tehblunderbuss@gmail.com wrote:
> The recent discussion about Windows viruses working through Wine leads me to questions about its security. I've heard that using a separate user is alright, and then it isn't alright.
Where did you hear that it's not alright? Running Wine as a normal (non-root privs) user is the recommended way to use Wine for most software that you know is legit.
No matter what, if you're running a program, be it Linux or Windows (on Wine), it always has the potential to mess up things that the user running it has access to. So if you run it as a normal user the worst it can do is mess up that user's files (unless it's really really sneaky and root exploits, but that's another case). All of your important system files are owned by root (or they should be...) so as long as you're not running as root it can't break your actual system.
> That you shouldn't use sudo to login to such a special wine user. That you really should use a virtual machine for total security.
Sure; if you're playing with something you know could be nasty, the best guarantee that it won't affect anything in your environment is a virtual machine. But for apps that you know are alright, games etc., running as a normal user is perfectly fine.
> What's the consensus here? And shouldn't this info be published somewhere, in big bold letters?
Part 2 Section 11
> No matter what, if you're running a program, be it Linux or Windows (on Wine), it always has the potential to mess up things that the user running it has access to.
Not true - you should be running in a SELinux sandbox to solve this problem. I'm not sure if the technology is mature enough for this, but it can and will constrain beyond user privs.
> So if you run it as a normal user the worst it can do is mess up that user's files All of your important system files are owned by root (or they should be...)
Quite the opposite in fact - anything important's already in the user's files - saved passwords, crypto keys, personal data, financial files. The root stuff is not interesting at all, except as a means to get to the user's files.
- Ivan